| Errata ID | 331 |
|---|---|
| Date | 2015-05-18 |
| Source package | mysql-5.1 |
| Fixed in version | 5.1.73-1.41.201505131105 |
| Description | Multiple vulnerabilities have been fixed in mysql-5.1: * Insecure creation of the debian.cnf credential file. Credentials could be stolen by a local user monitoring that file while the package gets installed. (CVE-2013-2162) * Buffer overrun in the MySQL client when the server sends a version string that is too big for the allocated buffer (CVE-2014-0001) * Insecure handling of a temporary file that could lead to abritrary execution of code through the creation of a mysql configuration file pointing to an attacker-controlled plugin_dir. (CVE-2014-4274) |
| Additional notes | |
| CVE ID | CVE-2013-2162 CVE-2014-0001 CVE-2014-4274 |
| UCS Bug number | #38520 |
